linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Stephan Mueller <smueller@chronox.de>
To: "David Jaša" <djasa@redhat.com>
Cc: Andi Kleen <andi@firstfloor.org>,
	sandyinchina@gmail.com,
	Jason Cooper <cryptography@lakedaemon.net>,
	John Denker <jsd@av8n.com>,
	"H. Peter Anvin" <hpa@linux.intel.com>,
	Joe Perches <joe@perches.com>, Pavel Machek <pavel@ucw.cz>,
	George Spelvin <linux@horizon.com>,
	linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4 0/5] /dev/random - a new approach
Date: Wed, 15 Jun 2016 18:58:50 +0200	[thread overview]
Message-ID: <6137456.oZ1CFC9kFY@positron.chronox.de> (raw)
In-Reply-To: <1466007463.20087.11.camel@redhat.com>

Am Mittwoch, 15. Juni 2016, 18:17:43 schrieb David Jaša:

Hi David,

> Hello Stephan,
> 
> Did you consider blocking urandom output or returning error until
> initialized? Given the speed of initialization you report, it shouldn't
> break any userspace apps while making sure that nobody uses predictable
> pseudoranom numbers.

My LRNG will definitely touch the beginning of the initramfs booting until it 
is fully seeded. As these days the initramfs is driven by systemd which always 
pulls from /dev/urandom, we cannot block as this would block systemd. In Ted's 
last patch, he mentioned that he tried to make /dev/urandom block which caused 
user space pain.

But if you use the getrandom system call, it works like /dev/urandom but 
blocks until the DRBG behind /dev/urandom is fully initialized.
> 
> I was considering asking for patch (or even trying to write it myself)
> to make current urandom block/fail when not initialized but that would
> surely have to be off by default over "never break userspace" rule (even
> if it means way too easy security problem with both random and urandom).
> Properties of your urandom implementation makes this point moot and it
> could make the random/urandom wars over.

That patch unfortunately will not work. But if you are interested in that 
blocking /dev/urandom behavior for your application, use getrandom.

> 
> Best Regards,
> 
> David Jaša


Ciao
Stephan

  reply	other threads:[~2016-06-15 16:58 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-05-31 18:37 [PATCH v4 0/5] /dev/random - a new approach Stephan Mueller
2016-05-31 18:37 ` [PATCH v4 1/5] crypto: DRBG - externalize DRBG functions for LRNG Stephan Mueller
2016-05-31 18:38 ` [PATCH v4 2/5] random: conditionally compile code depending on LRNG Stephan Mueller
2016-05-31 18:39 ` [PATCH v4 3/5] crypto: Linux Random Number Generator Stephan Mueller
2016-05-31 18:39 ` [PATCH v4 4/5] crypto: LRNG - enable compile Stephan Mueller
2016-05-31 18:39 ` [PATCH v4 5/5] random: add interrupt callback to VMBus IRQ handler Stephan Mueller
2016-05-31 22:34 ` [PATCH v4 0/5] /dev/random - a new approach George Spelvin
2016-06-15 16:17 ` David Jaša
2016-06-15 16:58   ` Stephan Mueller [this message]
2016-06-17 13:56     ` David Jaša
2016-06-17 15:26       ` Sandy Harris
2016-06-18  8:22         ` Stephan Mueller
2016-06-18  8:21       ` Stephan Mueller
2016-06-18 14:44       ` Theodore Ts'o
2016-06-18 16:31         ` Stephan Mueller
2016-06-20 17:07           ` Austin S. Hemmelgarn
2016-06-20 18:32             ` Stephan Mueller
2016-06-21 13:05               ` Austin S. Hemmelgarn
2016-06-21 13:19                 ` Tomas Mraz
2016-06-21 17:18                   ` Austin S. Hemmelgarn
2016-06-21 17:23                     ` Stephan Mueller
2016-06-21 17:54                       ` Austin S. Hemmelgarn
2016-06-21 18:05                         ` Stephan Mueller
2016-06-21 13:20                 ` Stephan Mueller
2016-06-21 17:51                   ` Austin S. Hemmelgarn
2016-06-21 18:04                     ` Stephan Mueller
2016-06-21 19:31                       ` Austin S. Hemmelgarn
2016-06-22  5:16                         ` Stephan Mueller
2016-06-22 12:54                           ` Austin S. Hemmelgarn
2016-06-22 13:25                             ` Stephan Mueller
2016-06-21 13:42                 ` Pavel Machek
2016-06-21 17:17                   ` Austin S. Hemmelgarn
2016-06-21 12:25         ` David Jaša

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=6137456.oZ1CFC9kFY@positron.chronox.de \
    --to=smueller@chronox.de \
    --cc=andi@firstfloor.org \
    --cc=cryptography@lakedaemon.net \
    --cc=djasa@redhat.com \
    --cc=hpa@linux.intel.com \
    --cc=joe@perches.com \
    --cc=jsd@av8n.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux@horizon.com \
    --cc=pavel@ucw.cz \
    --cc=sandyinchina@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).